rpms/selinux-policy/devel modules-minimum.conf, 1.15, 1.16 modules-mls.conf, 1.49, 1.50 modules-targeted.conf, 1.117, 1.118 policy-20090105.patch, 1.54, 1.55
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Mar 6 21:11:35 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10456
Modified Files:
modules-minimum.conf modules-mls.conf modules-targeted.conf
policy-20090105.patch
Log Message:
* Thu Mar 4 2009 Dan Walsh <dwalsh at redhat.com> 3.6.8-1
- Upgrade to latest patches
Index: modules-minimum.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-minimum.conf,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- modules-minimum.conf 5 Mar 2009 21:05:46 -0000 1.15
+++ modules-minimum.conf 6 Mar 2009 21:11:04 -0000 1.16
@@ -412,6 +412,14 @@
#
gpg = module
+# Layer: services
+# Module: gpsd
+#
+# gpsd monitor daemon
+#
+#
+gpsd = module
+
# Layer: apps
# Module: git
#
Index: modules-mls.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-mls.conf,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -r1.49 -r1.50
--- modules-mls.conf 5 Mar 2009 21:05:46 -0000 1.49
+++ modules-mls.conf 6 Mar 2009 21:11:04 -0000 1.50
@@ -413,6 +413,14 @@
gpg = off
# Layer: services
+# Module: gpsd
+#
+# gpsd monitor daemon
+#
+#
+gpsd = module
+
+# Layer: services
# Module: gpm
#
# General Purpose Mouse driver
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.117
retrieving revision 1.118
diff -u -r1.117 -r1.118
--- modules-targeted.conf 5 Mar 2009 21:05:46 -0000 1.117
+++ modules-targeted.conf 6 Mar 2009 21:11:04 -0000 1.118
@@ -412,6 +412,14 @@
#
gpg = module
+# Layer: services
+# Module: gpsd
+#
+# gpsd monitor daemon
+#
+#
+gpsd = module
+
# Layer: apps
# Module: git
#
policy-20090105.patch:
Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20090105.patch,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -r1.54 -r1.55
--- policy-20090105.patch 5 Mar 2009 21:05:46 -0000 1.54
+++ policy-20090105.patch 6 Mar 2009 21:11:04 -0000 1.55
@@ -4394,7 +4394,7 @@
## <param name="domain">
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.6.8/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2009-03-02 16:51:45.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/corenetwork.te.in 2009-03-05 15:25:24.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/kernel/corenetwork.te.in 2009-03-06 16:02:17.000000000 -0500
@@ -65,10 +65,12 @@
type server_packet_t, packet_type, server_packet_type;
@@ -4408,7 +4408,7 @@
network_port(amanda, udp,10080,s0, tcp,10080,s0, udp,10081,s0, tcp,10081,s0, tcp,10082,s0, tcp,10083,s0)
network_port(amavisd_recv, tcp,10024,s0)
network_port(amavisd_send, tcp,10025,s0)
-@@ -79,26 +81,33 @@
+@@ -79,26 +81,34 @@
network_port(auth, tcp,113,s0)
network_port(bgp, tcp,179,s0, udp,179,s0, tcp,2605,s0, udp,2605,s0)
type biff_port_t, port_type, reserved_port_type; dnl network_port(biff) # no defined portcon in current strict
@@ -4438,12 +4438,13 @@
network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
network_port(giftd, tcp,1213,s0)
network_port(gopher, tcp,70,s0, udp,70,s0)
++network_port(gpsd,tcp,2947,s0)
network_port(http_cache, tcp,3128,s0, udp,3130,s0, tcp,8080,s0, tcp,8118,s0) # 8118 is for privoxy
+portcon tcp 10001-10010 gen_context(system_u:object_r:http_cache_port_t, s0)
network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
network_port(howl, tcp,5335,s0, udp,5353,s0)
network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
-@@ -118,6 +127,8 @@
+@@ -118,6 +128,8 @@
network_port(kerberos_admin, tcp,464,s0, udp,464,s0, tcp,749,s0)
network_port(kerberos_master, tcp,4444,s0, udp,4444,s0)
network_port(kerberos, tcp,88,s0, udp,88,s0, tcp,750,s0, udp,750,s0)
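Review bot: The new `network_port(gpsd,tcp,2947,s0)` line omits the space after the port name that the neighbouring entries use; `network_port(gpsd, tcp,2947,s0)` would keep the table uniform and easier to grep. Only a TCP port is labelled, which matches the `corenet_tcp_bind_gpsd_port(gpsd_t)` call in the gpsd.te added later in this patch.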
@@ -4452,7 +4453,7 @@
network_port(ktalkd, udp,517,s0, udp,518,s0)
network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0)
type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon
-@@ -127,6 +138,7 @@
+@@ -127,6 +139,7 @@
network_port(mmcc, tcp,5050,s0, udp,5050,s0)
network_port(monopd, tcp,1234,s0)
network_port(msnp, tcp,1863,s0, udp,1863,s0)
@@ -4460,7 +4461,7 @@
network_port(mysqld, tcp,1186,s0, tcp,3306,s0)
portcon tcp 63132-63163 gen_context(system_u:object_r:mysqld_port_t, s0)
network_port(nessus, tcp,1241,s0)
-@@ -137,12 +149,21 @@
+@@ -137,12 +150,21 @@
network_port(openvpn, tcp,1194,s0, udp,1194,s0)
network_port(pegasus_http, tcp,5988,s0)
network_port(pegasus_https, tcp,5989,s0)
@@ -4482,7 +4483,7 @@
network_port(printer, tcp,515,s0)
network_port(ptal, tcp,5703,s0)
network_port(pxe, udp,4011,s0)
-@@ -161,9 +182,11 @@
+@@ -161,9 +183,11 @@
network_port(rwho, udp,513,s0)
network_port(smbd, tcp,137-139,s0, tcp,445,s0)
network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
@@ -4495,7 +4496,7 @@
network_port(soundd, tcp,8000,s0, tcp,9433,s0, tcp, 16001, s0)
type socks_port_t, port_type; dnl network_port(socks) # no defined portcon
type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict
-@@ -172,14 +195,17 @@
+@@ -172,14 +196,17 @@
network_port(syslogd, udp,514,s0)
network_port(telnetd, tcp,23,s0)
network_port(tftp, udp,69,s0)
@@ -9128,7 +9129,7 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.6.8/policy/modules/services/clamav.te
--- nsaserefpolicy/policy/modules/services/clamav.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/clamav.te 2009-03-05 15:25:24.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/clamav.te 2009-03-06 10:10:40.000000000 -0500
@@ -13,7 +13,10 @@
# configuration files
@@ -9205,7 +9206,7 @@
kernel_read_kernel_sysctls(clamscan_t)
files_read_etc_files(clamscan_t)
-@@ -221,6 +244,12 @@
+@@ -221,6 +244,8 @@
clamav_stream_connect(clamscan_t)
@@ -9214,10 +9215,6 @@
optional_policy(`
apache_read_sys_content(clamscan_t)
')
-+
-+optional_policy(`
-+ mailscanner_manage_spool(clamscan_t)
-+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.6.8/policy/modules/services/consolekit.fc
--- nsaserefpolicy/policy/modules/services/consolekit.fc 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.6.8/policy/modules/services/consolekit.fc 2009-03-05 15:25:24.000000000 -0500
@@ -12100,7 +12097,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.6.8/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ftp.te 2009-03-05 15:25:24.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ftp.te 2009-03-06 10:14:51.000000000 -0500
@@ -26,7 +26,7 @@
## <desc>
## <p>
@@ -12144,7 +12141,7 @@
fs_search_auto_mountpoints(ftpd_t)
fs_getattr_all_fs(ftpd_t)
-+fs_search_fusefs_dirs(ftpd_t)
++fs_search_fusefs(ftpd_t)
auth_use_nsswitch(ftpd_t)
auth_domtrans_chk_passwd(ftpd_t)
@@ -12343,6 +12340,156 @@
+ polkit_read_reload(gnomeclock_t)
+')
+
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.6.8/policy/modules/services/gpsd.fc
+--- nsaserefpolicy/policy/modules/services/gpsd.fc 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/gpsd.fc 2009-03-06 16:02:17.000000000 -0500
+@@ -0,0 +1,3 @@
++
++/usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0)
++
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.if serefpolicy-3.6.8/policy/modules/services/gpsd.if
+--- nsaserefpolicy/policy/modules/services/gpsd.if 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/gpsd.if 2009-03-06 16:03:34.000000000 -0500
+@@ -0,0 +1,83 @@
++## <summary>gpsd monitor daemon</summary>
++
++########################################
++## <summary>
++## Execute a domain transition to run gpsd.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed to transition.
++## </summary>
++## </param>
++#
++interface(`gpsd_domtrans',`
++ gen_require(`
++ type gpsd_t, gpsd_exec_t;
++ ')
++
++ domtrans_pattern($1, gpsd_exec_t, gpsd_t)
++')
++
++########################################
++## <summary>
++## Execute gpsd in the gpsd domain, and
++## allow the specified role the gpsd domain.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access
++## </summary>
++## </param>
++## <param name="role">
++## <summary>
++## The role to be allowed the gpsd domain.
++## </summary>
++## </param>
++#
++interface(`gpsd_run',`
++ gen_require(`
++ type gpsd_t;
++ ')
++
++ gpsd_domtrans($1)
++ role $2 types gpsd_t;
++')
++
++########################################
++## <summary>
++## Read and write to gpsd shared memory.
++## </summary>
++## <param name="domain">
++## <summary>
++## The type of the process performing this action.
++## </summary>
++## </param>
++#
++interface(`gpsd_rw_shm',`
++ gen_require(`
++ type gpsd_t;
++ ')
++
++ allow $1 gpsd_t:shm rw_shm_perms;
++')
++
++########################################
++## <summary>
++## Read/write gpsd tmpfs files.
++## </summary>
++## <param name="domain">
++## <summary>
++## The type of the process performing this action.
++## </summary>
++## </param>
++#
++interface(`gpsd_rw_tmpfs_files',`
++ gen_require(`
++ type gpsd_tmpfs_t;
++ ')
++
++ fs_search_tmpfs($1)
++ allow $1 gpsd_tmpfs_t:dir list_dir_perms;
++ rw_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
++ read_lnk_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
++')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.6.8/policy/modules/services/gpsd.te
+--- nsaserefpolicy/policy/modules/services/gpsd.te 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/gpsd.te 2009-03-06 16:06:45.000000000 -0500
+@@ -0,0 +1,52 @@
++policy_module(gpsd,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type gpsd_t;
++type gpsd_exec_t;
++application_domain(gpsd_t, gpsd_exec_t)
++role system_r types gpsd_t;
++
++type gpsd_tmpfs_t;
++files_tmpfs_file(gpsd_tmpfs_t)
++
++########################################
++#
++# gpsd local policy
++#
++
++allow gpsd_t self:capability { setuid sys_nice setgid fowner };
++allow gpsd_t self:process setsched;
++allow gpsd_t self:shm create_shm_perms;
++allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto };
++allow gpsd_t self:tcp_socket create_stream_socket_perms;
++
++manage_dirs_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t)
++manage_files_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t)
++fs_tmpfs_filetrans(gpsd_t, gpsd_tmpfs_t, { dir file })
++
++corenet_tcp_bind_all_nodes(gpsd_t)
++corenet_tcp_bind_gpsd_port(gpsd_t)
++
++term_use_unallocated_ttys(gpsd_t)
++term_setattr_unallocated_ttys(gpsd_t)
++
++auth_use_nsswitch(gpsd_t)
++
++logging_send_syslog_msg(gpsd_t)
++
++miscfiles_read_localization(gpsd_t)
++
++optional_policy(`
++ ntpd_rw_shm(gpsd_t)
++ ntpd_rw_tmpfs_files(gpsd_t)
++')
++
++optional_policy(`
++ dbus_system_bus_client(gpsd_t)
++')
++
++
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.6.8/policy/modules/services/hal.fc
--- nsaserefpolicy/policy/modules/services/hal.fc 2008-11-19 11:51:44.000000000 -0500
+++ serefpolicy-3.6.8/policy/modules/services/hal.fc 2009-03-05 15:25:24.000000000 -0500
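Review bot: In the new gpsd.te, `gpsd_t` is declared with `application_domain(gpsd_t, gpsd_exec_t)` and `role system_r types gpsd_t;`, but nothing visible adds a transition from the init script domain, even though the module is described as a daemon. The only entry into gpsd_t shown in this patch is `gpsd_run(unconfined_t, unconfined_r)` in the unconfined.te hunk, so a gpsd started at boot would presumably stay in the init script's domain instead of being confined. If boot-time confinement is intended, add `init_daemon_domain(gpsd_t, gpsd_exec_t)` after the `application_domain` line. The capability set `{ setuid sys_nice setgid fowner }` would also benefit from a one-line comment saying what each capability is needed for, as ntp.te does for its own (`# ntpdate wants sys_nice`).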
@@ -14831,7 +14978,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.6.8/policy/modules/services/ntp.if
--- nsaserefpolicy/policy/modules/services/ntp.if 2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/ntp.if 2009-03-05 15:25:24.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/ntp.if 2009-03-06 16:02:17.000000000 -0500
@@ -37,6 +37,32 @@
########################################
@@ -14865,7 +15012,7 @@
## Execute ntp server in the ntpd domain.
## </summary>
## <param name="domain">
-@@ -56,6 +82,24 @@
+@@ -56,6 +82,63 @@
########################################
## <summary>
@@ -14885,6 +15032,45 @@
+ init_labeled_script_domtrans($1, ntpd_initrc_exec_t)
+')
+
++#######################################
++## <summary>
++## Read/write ntpdd tmpfs files.
++## </summary>
++## <param name="domain">
++## <summary>
++## The type of the process performing this action.
++## </summary>
++## </param>
++#
++interface(`ntpd_rw_tmpfs_files',`
++ gen_require(`
++ type ntpd_tmpfs_t;
++ ')
++
++ fs_search_tmpfs($1)
++ list_dirs_pattern($1,ntpd_tmpfs_t,ntpd_tmpfs_t)
++ rw_files_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
++ read_lnk_files_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
++')
++
++########################################
++## <summary>
++## Read and write to ntpd shared memory.
++## </summary>
++## <param name="domain">
++## <summary>
++## The type of the process performing this action.
++## </summary>
++## </param>
++#
++interface(`ntpd_rw_shm',`
++ gen_require(`
++ type ntpd_t;
++ ')
++
++ allow $1 ntpd_t:shm rw_shm_perms;
++')
++
+########################################
+## <summary>
## All of the rules required to administrate
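Review bot: The summary for `ntpd_rw_tmpfs_files` reads `Read/write ntpdd tmpfs files.`, which misspells the daemon name and will carry into the generated interface documentation; it should read `Read/write ntpd tmpfs files.`. The same interface calls `list_dirs_pattern($1,ntpd_tmpfs_t,ntpd_tmpfs_t)` without spaces after the commas, while the two lines below it use spaces. The gpsd counterpart added in this patch instead uses a direct `allow $1 gpsd_tmpfs_t:dir list_dir_perms;` for the same purpose, and choosing one form for both would make the pair easier to audit side by side. The hunk's trailing context runs into the next interface, whose body is outside the visible lines.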
@@ -14892,8 +15078,18 @@
## </summary>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.6.8/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ntp.te 2009-03-05 15:25:24.000000000 -0500
-@@ -38,10 +38,11 @@
++++ serefpolicy-3.6.8/policy/modules/services/ntp.te 2009-03-06 16:02:17.000000000 -0500
+@@ -25,6 +25,9 @@
+ type ntpd_tmp_t;
+ files_tmp_file(ntpd_tmp_t)
+
++type ntpd_tmpfs_t;
++files_tmpfs_file(ntpd_tmpfs_t)
++
+ type ntpd_var_run_t;
+ files_pid_file(ntpd_var_run_t)
+
+@@ -38,10 +41,11 @@
# sys_resource and setrlimit is for locking memory
# ntpdate wants sys_nice
@@ -14906,7 +15102,7 @@
allow ntpd_t self:unix_dgram_socket create_socket_perms;
allow ntpd_t self:unix_stream_socket create_socket_perms;
allow ntpd_t self:tcp_socket create_stream_socket_perms;
-@@ -52,6 +53,7 @@
+@@ -52,6 +56,7 @@
can_exec(ntpd_t,ntpd_exec_t)
read_files_pattern(ntpd_t, ntpd_key_t, ntpd_key_t)
@@ -14914,7 +15110,18 @@
allow ntpd_t ntpd_log_t:dir setattr;
manage_files_pattern(ntpd_t,ntpd_log_t,ntpd_log_t)
-@@ -90,6 +92,9 @@
+@@ -62,6 +67,10 @@
+ manage_files_pattern(ntpd_t, ntpd_tmp_t, ntpd_tmp_t)
+ files_tmp_filetrans(ntpd_t, ntpd_tmp_t, { file dir })
+
++manage_dirs_pattern(ntpd_t, ntpd_tmpfs_t, ntpd_tmpfs_t)
++manage_files_pattern(ntpd_t, ntpd_tmpfs_t, ntpd_tmpfs_t)
++fs_tmpfs_filetrans(ntpd_t, ntpd_tmpfs_t, { dir file })
++
+ manage_files_pattern(ntpd_t, ntpd_var_run_t, ntpd_var_run_t)
+ files_pid_filetrans(ntpd_t, ntpd_var_run_t, file)
+
+@@ -90,6 +99,9 @@
fs_getattr_all_fs(ntpd_t)
fs_search_auto_mountpoints(ntpd_t)
@@ -14924,6 +15131,18 @@
term_use_ptmx(ntpd_t)
+@@ -121,6 +133,11 @@
+ ')
+
+ optional_policy(`
++ gpsd_rw_shm(ntpd_t)
++ gpsd_rw_tmpfs_files(ntpd_t)
++')
++
++optional_policy(`
+ firstboot_dontaudit_use_fds(ntpd_t)
+ firstboot_dontaudit_rw_pipes(ntpd_t)
+ firstboot_dontaudit_rw_stream_sockets(ntpd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.6.8/policy/modules/services/nx.te
--- nsaserefpolicy/policy/modules/services/nx.te 2009-01-19 11:07:34.000000000 -0500
+++ serefpolicy-3.6.8/policy/modules/services/nx.te 2009-03-05 15:25:24.000000000 -0500
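Review bot: The added `optional_policy` block gives ntpd_t read/write access to gpsd's shared memory and tmpfs files, and gpsd.te in this same patch grants gpsd_t the mirror-image access to ntpd's, yet neither side has a comment explaining why both directions are required. Reciprocal write access between a daemon that binds a TCP port and the time daemon is the kind of rule a later least-privilege audit will question, so the reason should be recorded next to it. Presumably either process may create the shared segment depending on start order, which should be confirmed. A comment above the block such as `# gpsd passes time samples to ntpd via shared memory; segment owner depends on which daemon starts first` would do. If only one daemon ever creates the segment, the grant for the other direction can be dropped.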
@@ -18984,7 +19203,7 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.6.8/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/samba.te 2009-03-05 15:25:24.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/services/samba.te 2009-03-06 15:54:27.000000000 -0500
@@ -66,6 +66,13 @@
## </desc>
gen_tunable(samba_share_nfs, false)
@@ -19171,7 +19390,7 @@
+ fs_manage_fusefs_dirs(smbd_t)
+ fs_manage_fusefs_files(smbd_t)
+',`
-+ fs_search_fusefs_dirs(smbd_t)
++ fs_search_fusefs(smbd_t)
')
+
@@ -27154,7 +27373,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.6.8/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/unconfined.te 2009-03-05 15:25:24.000000000 -0500
++++ serefpolicy-3.6.8/policy/modules/system/unconfined.te 2009-03-06 16:03:12.000000000 -0500
@@ -5,6 +5,35 @@
#
# Declarations
@@ -27319,69 +27538,77 @@
')
optional_policy(`
-@@ -119,31 +202,33 @@
+@@ -119,72 +202,80 @@
')
optional_policy(`
- inn_domtrans(unconfined_t)
-+ iptables_run(unconfined_t, unconfined_r)
++ gpsd_run(unconfined_t, unconfined_r)
')
optional_policy(`
- java_domtrans_unconfined(unconfined_t)
-+ java_run_unconfined(unconfined_t, unconfined_r)
++ iptables_run(unconfined_t, unconfined_r)
')
optional_policy(`
- lpd_run_checkpc(unconfined_t, unconfined_r)
-+ kismet_run(unconfined_t, unconfined_r)
++ java_run_unconfined(unconfined_t, unconfined_r)
')
optional_policy(`
- modutils_run_update_mods(unconfined_t, unconfined_r)
-+ livecd_run(unconfined_t, unconfined_r)
++ kismet_run(unconfined_t, unconfined_r)
')
optional_policy(`
- mono_domtrans(unconfined_t)
-+ lpd_run_checkpc(unconfined_t, unconfined_r)
++ livecd_run(unconfined_t, unconfined_r)
')
optional_policy(`
- mta_role(unconfined_r, unconfined_t)
-+ modutils_run_update_mods(unconfined_t, unconfined_r)
++ lpd_run_checkpc(unconfined_t, unconfined_r)
')
optional_policy(`
- oddjob_domtrans_mkhomedir(unconfined_t)
++ modutils_run_update_mods(unconfined_t, unconfined_r)
+ ')
+
+ optional_policy(`
+- prelink_run(unconfined_t, unconfined_r)
+ mono_role_template(unconfined, unconfined_r, unconfined_t)
+ unconfined_domain(unconfined_mono_t)
+ role system_r types unconfined_mono_t;
')
optional_policy(`
-@@ -155,36 +240,38 @@
+- portmap_run_helper(unconfined_t, unconfined_r)
++ prelink_run(unconfined_t, unconfined_r)
')
optional_policy(`
- postfix_run_map(unconfined_t, unconfined_r)
- # cjp: this should probably be removed:
- postfix_domtrans_master(unconfined_t)
++ portmap_run_helper(unconfined_t, unconfined_r)
+ ')
+
+ optional_policy(`
+- pyzor_role(unconfined_r, unconfined_t)
-')
+ qemu_role_notrans(unconfined_r, unconfined_t)
+ qemu_unconfined_role(unconfined_r)
-optional_policy(`
-- pyzor_role(unconfined_r, unconfined_t)
+- # cjp: this should probably be removed:
+- rpc_domtrans_nfsd(unconfined_t)
+ tunable_policy(`allow_unconfined_qemu_transition',`
+ qemu_domtrans(unconfined_t)
+ ',`
+ qemu_domtrans_unconfined(unconfined_t)
- ')
--
--optional_policy(`
-- # cjp: this should probably be removed:
-- rpc_domtrans_nfsd(unconfined_t)
++')
')
optional_policy(`
@@ -27411,7 +27638,7 @@
')
optional_policy(`
-@@ -192,7 +279,7 @@
+@@ -192,7 +283,7 @@
')
optional_policy(`
@@ -27420,7 +27647,7 @@
')
optional_policy(`
-@@ -204,11 +291,12 @@
+@@ -204,11 +295,12 @@
')
optional_policy(`
@@ -27435,7 +27662,7 @@
')
########################################
-@@ -218,14 +306,61 @@
+@@ -218,14 +310,61 @@
allow unconfined_execmem_t self:process { execstack execmem };
unconfined_domain_noaudit(unconfined_execmem_t)